Using EC2 for such ends would be against Amazon's terms of use, of course, but as saying that if Roth's tool is used merely for testing purposes, everything's above board.

Roth's intention is to show that wireless computing that relies on the pre-shared key (WPA-PSK) system for protection is fundamentally insecure. The system is typically used by home users and smaller businesses, which lack the resources to invest in the more secure but complicated 802.1X authentication server system.

WPA-PSK relies on administrators setting a passphrase of up to 63 characters (or 64 hexadecimal digits). Anybody with the passphrase can gain access to the network. The passphrase can include most ASCII characters, including spaces.

WPA-PSK is believed to be secure because the computing power needed to run through all the possibilities of passphrases is huge. Roth's conclusion is that cloud computing means that kind of computing power exists right now, at least for weak passwords, and is not even prohibitively inexpensive.

In other words, if your network relies on WPA-PSK, its time to check that passphrase. It's claimed that up to 20 characters are enough to create an uncrackable passphrase, but the more characters you can include in the passphrase, the stronger it will be. It should be noted that Roth very probably cracked open networks with short passwords.